.TH NASL 1 "February 2021" "Greenbone Vulnerability Management" "NASL Attack Scripting Language"
.SH NAME
openvas-nasl \- NASL Attack Scripting Language
.SH SYNOPSIS
.B openvas-nasl
.I <[-Vh] [-T tracefile] [-s] [-t target] [-c config_file] [-d] [-sX] > files...
.SH DESCRIPTION
.BR openvas-nasl
executes a set of NASL scripts against a given target host. It can 
also be used to determine if a NASL script has any syntax errors by running
it in parse (\fB-p\fR) or lint (\fB-L\fR) mode.


.SH OPTIONS
.TP
.B \-T tracefile
Makes nasl write verbosely what the script does in the file
.I tracefile
, ala 'set \-x' under sh

.TP
.B \-t target
Apply the NASL script to
.I target
which may be a single host (127.0.0.1), a whole subnet (192.168.1.0/24)
or several subnets (192.168.1.0/24, 192.168.243.0/24)

.TP
.B \-e iface
Specifies the network interface to be used as the source for established
connections.

.TP
.B \-s
Sets the return value of safe_checks() to 1. (See the OpenVAS Scanner documentation to know
what the safe checks are) Implies \-B.

.TP
.B \-D
Only run the description part of the script.

.TP
.B \-B
Runs in description mode before running the script.

.TP
.B \-L
.BI Lint 
the script  (run extended checks).

.TP
.B \-X
Run the script with disabled signature verification.

.TP
.B \-h
Show help
.TP
.B \-V
Show the version of NASL.
.TP
.B \-d
Output debug information to stderr.

.TP
.B \-r port-range
This is the default range of ports that the scanner plugins will probe. The syntax of this option is flexible, it can be a single range ("1-1500"), several ports ("21,23,80"), several ranges of ports ("1-1500,32000-33000"). Note that you can specify UDP and TCP ports by prefixing each range by T or U. For instance, the following range will make openvas scan UDP ports 1 to 1024 and TCP ports 1 to 65535 : "T:1-65535,U:1-1024".

.TP
.B \-k key=value
Set KB key to value. Can be used multiple times.

.SH SEE ALSO
.BR openvas (8),
.BR openvas-nasl-lint (1)
.SH HISTORY
NASL comes from a private project called 'pkt_forge', which was written in late 1998 by Renaud Deraison and which was an interactive shell to forge and send raw IP packets (this pre-dates Perl's Net::RawIP by a couple of weeks). It was then extended to do a wide range of network-related operations and integrated into the scanner as 'NASL'. 

The parser was completely hand-written and a pain to work with. In Mid-2002, Michel Arboi wrote a bison parser for NASL, and he and Renaud Deraison re-wrote NASL from scratch. Although the "new" NASL was nearly working as early as 
August 2002, Michel's laziness made us wait for early 2003 to have it working completely.

After the original authors decided to stop the Open Source development in 2005, most changes and maintenance works were done by Greenbone Networks.

.SH AUTHOR
Most of the engine is (C) 2003 Michel Arboi, most of the built-in functions
are (C) 2003 Renaud Deraison.
Most new code since 2005 developed by Greenbone Networks GmbH.
